PT-2026-43131 · Gnu · Libredwg

Pwn3Rd

·

Published

2026-04-22

·

Updated

2026-07-09

·

CVE-2026-9503

CVSS v3.1

3.3

Low

VectorAV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15
Description A security flaw in the DWG File Handler component occurs within the dwg next entity() function of the src/decode.c file. The issue is caused by incorrect resource cleanup or release, leading to a null pointer dereference. This can be exploited by a local attacker to cause a denial of service (DoS), which is a condition where the system or application becomes unavailable to its intended users.
Recommendations Update to a version later than 0.14. As a temporary workaround, restrict access to the dwg next entity() function to minimize the risk of exploitation.

Exploit

Fix

NULL Pointer Dereference

Improper Resource Release

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

BDU:2026-07297
CVE-2026-9503
OPENSUSE-SU-2026:10879-1

Affected Products

Libredwg